Release 2.0.4

.gitignore

@@ -0,0 +1,4 @@
+/target
+.idea
+lib/FLAREclient.jks
+*.DS_STORE

changelog.md

@@ -0,0 +1,22 @@
+# FLAREclient Version 2.0.4 
+## December 14th, 2015 - Release Changelog
+
+##### Bug Fixes
+
+- A bug in which XML was parsed without a namespace restriction was fixed to allow for wildcard namespaces. This was a problem when attempting to parse and save STIX content blocks from TAXII documents. XML with a namespace prefix in the Element tag would not be parsed, and thus would not be saved.
+
+- An unintended extraneous layer of validation was occurring prior to saving documents in listening mode. The 'listener' HTTP handler validates both TAXII and STIX immediately upon reception.
+
+###### Clarity
+
+Various improvements were made for code clarity and readability. Scripts used to run the client were appended with '.sh' to make it more obvious that they are bash scripts. 
+
+###### Efficiency 
+
+Superfluous logic was purged, and an overall improvement to code efficiency was made. Dead or unused code was removed.
+
+###### Security
+
+Methods were changed from non-static to static wherever possible, in order to improve efficiency and security. Many fields and methods that were unnecessarily public were made private, and many classes were made package-local. References to passwords were removed from method names and scripts.
+
+

config.properties.template

@@ -0,0 +1,32 @@
+# general
+clientVersion=2.0.3
+connectingToFLARE=true
+taxii10NS=http\://taxii.mitre.org/messages/taxii_xml_binding-1
+taxii11NS=http\://taxii.mitre.org/messages/taxii_xml_binding-1.1
+taxiiQuery10NS=http\://taxii.mitre.org/query/taxii_default_query-1
+taxii10serverUrlInbox=https\://FLAREgateway\:8443/flare/taxii/inbox
+taxii10serverUrlPoll=https\://FLAREgateway\:8443/flare/taxii/poll
+taxii11serverUrlInbox=https\://FLAREgateway\:8443/flare/taxii11/inbox
+taxii11serverUrlPoll=https\://FLAREgateway\:8443/flare/taxii11/poll
+httpHeaderUserAgent=FLAREclient application
+httpHeaderContentType=application/xml
+httpHeaderAccept=application/xml
+pathToTrustStore=lib/FLAREclient.jks
+trustStorePassword=
+basePath=
+sslDebug=false
+
+# publisher
+pathToPublisherKeyStore=lib/FLAREclient.jks
+publisherKeyStorePassword=
+publisherKeyName=client
+publisherKeyPassword=
+stix_cB=urn\:stix.mitre.org\:xml\:1.1.1
+
+# subscriber
+pathToSubscriberKeyStore=lib/FLAREclient.jks
+subscriberKeyStorePassword=
+listenerEndpoint=/
+verifyDS=true
+verifyAlias=FLAREdsig
+#feedName_subId=12345678-90ab-cdef-1234-567890abcdef

hash.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+FLARECLIENT_HOME="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+USAGE="Usage: ./hash.sh <propertyName> <value>"
+
+# if not 2 args, print usage
+if [ $# -ne 2 ]; then
+    echo "$USAGE"
+    exit 1
+else
+    PROPERTY=$1
+    shift
+    PASSWORD=$1
+fi
+
+# some Java parameters
+if [ "$JAVA_HOME" != "" ]; then
+    JAVA_HOME=$JAVA_HOME
+fi
+
+if [ "$JAVA_HOME" = "" ]; then
+    echo "Searching for JAVA ..."
+    OUTPUT="$(find / 2>/dev/null -name 'java')"
+    echo OUTPUT: $OUTPUT
+    for f in $OUTPUT
+    do
+	#echo "Processing $f"
+       if [[ $f == *bin/java ]]
+          then
+          echo Java installed in $f
+          LEN=${#f}
+          #echo $LEN
+          DIFF=`expr $LEN - 9`
+          #echo $DIFF
+          JAVA_HOME=${f:0:DIFF}
+          echo using JAVA_HOME: $JAVA_HOME
+          export JAVA_HOME
+          break
+       fi
+    done
+fi
+
+JAVA=$JAVA_HOME/bin/java
+CLASSPATH="$FLARECLIENT_HOME:$FLARECLIENT_HOME/lib/*"
+CLASS=com.bcmcgroup.flare.client.Hash
+
+exec "$JAVA" -cp "$CLASSPATH" $CLASS $PROPERTY $PASSWORD

install.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# update all OS packages
+yum -y update
+yum -y install aide
+
+# update crontab to run aide
+echo ""
+echo "Configuring & initializing aide..."
+crontab -l > /tmp/mycron;
+if [ "$(grep aide /tmp/mycron)" == '' ]; then
+    /usr/sbin/aide --init
+    ln -s /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
+    echo "05 4 * * * root /usr/sbin/aide --check" >> /tmp/mycron
+    crontab /tmp/mycron
+fi
+rm -f /tmp/mycron
+
+# configure audit system
+if [ "$(grep FLAREclient /etc/audit/audit.rules)" == '' ]; then
+    echo ""
+    echo "Configuring audit system..."
+    echo "# These four lines have been added by FLAREclient install" >> /etc/audit/audit.rules
+    echo "-w /sbin/insmod -p x -k modules" >> /etc/audit/audit.rules
+    echo "-w /sbin/rmmod -p x -k modules" >> /etc/audit/audit.rules
+    echo "-w /sbin/modprobe -p x -k modules" >> /etc/audit/audit.rules
+    echo "-a always,exit -f arch=b64 -S init_module -S delete_module -k modules" >> /etc/audit/audit.rules
+fi
+
+# adjust permissions on boot.log
+echo ""
+echo "Adjusting permissions on boot.log"
+chmod 0600 /var/log/boot.log
+
+# override ctrl-alt-delete
+echo ""
+echo "Overriding control-alt-delete..."
+echo -e "start on control-alt-delete\n\nexec /usr/bin/logger -p security.info \"Control-Alt-Delete pressed\"" > /etc/init/control-alt-delete.override
+
+# add "monitored" email address to /etc/aliases
+echo ""
+echo "Adding 'monitored' email address to /etc/aliases..."
+echo "root: dte-operations@cert.org" >> /etc/aliases
+newaliases
+
+echo "Done!"

lib/UnlimitedJCEPolicy/README.txt

@@ -0,0 +1,194 @@
+
+   Unlimited Strength Java(TM) Cryptography Extension Policy Files
+  for the Java(TM) Platform, Standard Edition Runtime Environment 7
+
+                               README
+
+----------------------------------------------------------------------
+CONTENTS
+----------------------------------------------------------------------
+
+     o Introduction
+     o License and Terms
+     o Understanding The Export/Import Issues
+     o Where To Find Documentation
+     o Installation
+     o Questions, Support, Reporting Bugs
+
+
+----------------------------------------------------------------------
+Introduction
+----------------------------------------------------------------------
+
+Thank you for downloading the Unlimited Strength Java(TM) Cryptography
+Extension (JCE) Policy Files for the Java(TM) Platform, Standard
+Edition (Java SE) Runtime Environment 7.
+
+Due to import control restrictions of some countries, the version of
+the JCE policy files that are bundled in the Java Runtime Environment,
+or JRE(TM), 7 environment allow "strong" but limited cryptography to be
+used. This download bundle (the one including this README file)
+provides "unlimited strength" policy files which contain no
+restrictions on cryptographic strengths.
+
+Please note that this download file does NOT contain any encryption
+functionality as all such functionality is contained within Oracle's
+JRE 7. This bundles assumes that the JRE 7 has already been installed.
+
+
+----------------------------------------------------------------------
+License and Terms
+----------------------------------------------------------------------
+
+This download bundle is part of the Java SE Platform products and is
+governed by same License and Terms notices. These notices can be found
+on the Java SE download site:
+
+    http://www.oracle.com/technetwork/java/javase/documentation/index.html
+
+
+----------------------------------------------------------------------
+Understanding The Export/Import Issues
+----------------------------------------------------------------------
+
+JCE for Java SE 7 has been through the U.S. export review process.  The
+JCE framework, along with the various JCE providers that come standard
+with it (SunJCE, SunEC, SunPKCS11, SunMSCAPI, etc), is exportable.
+
+The JCE architecture allows flexible cryptographic strength to be
+configured via jurisdiction policy files. Due to the import
+restrictions of some countries, the jurisdiction policy files
+distributed with the Java SE 7 software have built-in restrictions on
+available cryptographic strength. The jurisdiction policy files in this
+download bundle (the bundle including this README file) contain no
+restrictions on cryptographic strengths.  This is appropriate for most
+countries. Framework vendors can create download bundles that include
+jurisdiction policy files that specify cryptographic restrictions
+appropriate for countries whose governments mandate restrictions. Users
+in those countries can download an appropriate bundle, and the JCE
+framework will enforce the specified restrictions.
+
+You are advised to consult your export/import control counsel or
+attorney to determine the exact requirements.
+
+
+----------------------------------------------------------------------
+Where To Find Documentation
+----------------------------------------------------------------------
+
+The following documents may be of interest to you:
+
+    o  The Java(TM) Cryptography Architecture (JCA) Reference Guide at:
+
+       http://download.oracle.com/javase/7/docs/technotes/guides/security
+
+    o  The Java SE Security web site has more information about JCE,
+       plus additional information about the Java SE Security Model.
+       Please see:
+
+       http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html
+
+
+----------------------------------------------------------------------
+Installation
+----------------------------------------------------------------------
+
+Notes:
+
+  o Unix (Solaris/Linux) and Windows use different pathname separators,
+    so please use the appropriate one ("\", "/") for your environment.
+
+  o <java-home> (below) refers to the directory where the JRE was
+    installed. It is determined based on whether you are running JCE
+    on a JRE or a JRE contained within the Java Development Kit, or
+    JDK(TM). The JDK contains the JRE, but at a different level in the
+    file hierarchy. For example, if the JDK is installed in
+    /home/user1/jdk1.7.0 on Unix or in C:\jdk1.7.0 on Windows, then
+    <java-home> is:
+
+        /home/user1/jdk1.7.0/jre           [Unix]
+        C:\jdk1.7.0\jre                    [Windows]
+
+    If on the other hand the JRE is installed in /home/user1/jre1.7.0
+    on Unix or in C:\jre1.7.0 on Windows, and the JDK is not
+    installed, then <java-home> is:
+
+        /home/user1/jre1.7.0               [Unix]
+        C:\jre1.7.0                        [Windows]
+
+  o On Windows, for each JDK installation, there may be additional
+    JREs installed under the "Program Files" directory. Please make
+    sure that you install the unlimited strength policy JAR files
+    for all JREs that you plan to use.
+
+
+Here are the installation instructions:
+
+1)  Download the unlimited strength JCE policy files.
+
+2)  Uncompress and extract the downloaded file.
+
+    This will create a subdirectory called jce.
+    This directory contains the following files:
+
+        README.txt                   This file
+        local_policy.jar             Unlimited strength local policy file
+        US_export_policy.jar         Unlimited strength US export policy file
+
+3)  Install the unlimited strength policy JAR files.
+
+    In case you later decide to revert to the original "strong" but
+    limited policy versions, first make a copy of the original JCE
+    policy files (US_export_policy.jar and local_policy.jar). Then
+    replace the strong policy files with the unlimited strength
+    versions extracted in the previous step.
+
+    The standard place for JCE jurisdiction policy JAR files is:
+
+        <java-home>/lib/security           [Unix]
+        <java-home>\lib\security           [Windows]
+
+
+-----------------------------------------------------------------------
+Questions, Support, Reporting Bugs
+-----------------------------------------------------------------------
+
+Questions
+---------
+
+For miscellaneous questions about JCE usage and deployment, we
+encourage you to read:
+
+    o Information on the Java SE Security web site
+
+      http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html
+
+    o The Oracle Online Community Forums, specifically the Java
+      Cryptography forum. The forums allow you to tap into the
+      experience of other users, ask questions, or offer tips to others
+      on a variety of Java-related topics, including JCE. There is no
+      fee to participate.
+
+      http://forums.oracle.com/
+      http://forums.oracle.com/forums/forum.jspa?forumID=964  (JCE
+      forum)
+
+
+Support
+-------
+
+For more extensive JCE questions or deployment issues, please contact
+our Technical Support staff at:
+
+    http://support.oracle.com
+
+
+Reporting Bugs
+--------------
+
+To report bugs (with sample code) or request a feature, please see:
+
+    http://bugreport.sun.com/bugreport/
+
+Bug reports with specific, reproducible test cases are greatly
+appreciated!